There are certain time when you would need Global Catalog role available instead of just Domain Controller role.
The following events require a global catalog server:
The following events require a global catalog server:
- Forest-wide searches. The global catalog provides a resource for searching an AD DS forest. Forest-wide searches are identified by the LDAP port that they use. If the search query uses port 3268, the query is sent to a global catalog server.
- User logon. In a forest that has more than one domain (multidomain), two conditions require the global catalog during user authentication:
- In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
- When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
- In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
- Universal Group Membership Caching: In a forest that has more than one domain, in sites that have domain users but no global catalog server, Universal Group Membership Caching can be used to enable caching of logon credentials so that the global catalog does not have to be contacted for subsequent user logons. This feature eliminates the need to retrieve universal group memberships across a WAN link from a global catalog server in a different site.
Note
Universal groups are available only in a domain that operates at the Windows 2000 native domain functional level or higher. - Exchange Address Book lookups. Servers running Microsoft Exchange Server rely on access to the global catalog for address information. Users use global catalog servers to access the global address list (GAL).
No comments:
Post a Comment